According to cyber forensics course specialists, GitHub, open source software development platform, has been the target of a campaign of aggressive cyberattacks. During the attacks, the threat actors removed code repositories and demanded the developers a ransom in exchange for restoring the deleted code.
The first reports indicate that the attack would have occurred during last Friday, May 3; So far we know of a hundred cases of developers who suffered the removal of their source code.
The ransom note received by the affected users claims that the source code was downloaded and stored on an anonymous server, controlled by the attackers. Developers have a ten-day deadline to meet the hackers’ demands, cyber forensics course specialists mentioned. The note concludes by stating that, if the ransom is not received, hackers will publicly disclose the stolen source code.
GitHub, owned by Microsoft several months ago, conducted an internal investigation, concluding that at least 392 repositories are compromised. GitHub cyber forensics course team claims that all administrators of the accounts committed during the attack have already been notified about the incident.
A statement published by the software development platform mentions: “As a result of the investigation, we discovered enough evidence to confirm that the compromised accounts kept their access codes stored in plain text in user-related repositories”, a determining factor for the attack to succeed.
Specialists from the International Institute of Cyber Security (IICS) highlight the growing number of security incidents on Microsoft-owned platforms. In recent days, the access codes for some Microsoft employees were extracted, leading to unauthorized access to multi-user Outlook accounts, information theft, and even cryptocurrency theft in some cases.
Last year, Microsoft paid over $2M USD due to its vulnerability bounty program; this year, the company announced an expansion of the program that will encompass its various services and platforms, including GitHub.